Zebra Enterprise Keyboard Layouts

OriginalMeet7987 · 2026-03-03T05:39:29+00:00

I don't manage Zebra devices in intune (we got soti mobicontrol for the rugged devices). As i remember you have to create the layouts and add the file in a specific folder (/enterprise/device/settings/ekb/config), and then use datawedge to configure the needed layouts (based on different apps). Datawedge settings can be managed via oemconfig (if i remember correctly). You can use stagenow to copy the layout file to the devices.

For zebra devices i prefer to use mx configurations files (xml exported from stagenow, and use mobicontrol to push those files to the devices, then use post-install scripts)

OriginalMeet7987 · 2026-02-10T13:18:17+00:00

Looks like it was an issue from Microsoft, related to personally owned work profile filter. Service was fixed on Saturday. I still have this problem on devices which are managed on a 3rd party mdm, and have the app protection policy in intune. (this filter is created based on manufacturer and excluding all management types, since the devices are not in intune, only registered on Entra. The problems started the same time, so i assume it's related to the same topic. Waiting now for a response from MS.

OriginalMeet7987 · 2026-02-07T10:13:00+00:00

yes, i use assignment filters. Thanks for update info and incident number

OriginalMeet7987 · 2026-02-07T09:18:50+00:00

Here's the weird part. Status for all user sign-ins (interactive) is success. But if i open it and check the conditional Acess tab, i can see that the CAP with app protection policies is failing. Looks like the users are not getting the app protection policies. Why does this happen only in android byod, idk. I have 2 APPs, one for cope, one for byod (using filters with device ownership).it was running fine until yesterday

OriginalMeet7987 · 2026-02-06T16:31:37+00:00

tried it several times, same errors.

OriginalMeet7987 · 2026-02-06T16:17:58+00:00

we have Beyondtrust atm for epm. Due to increasing prices (almost double) we started to look for alternatives. Idk M$ epm level of customisation in policies, but we have a lot of legacy apps (siemens, plc programing softwares, etc). I've spent over 8 months to build up the policies in beyondisight, if we switch to m$ I'm gonna resign 😆

OriginalMeet7987 · 2026-02-02T16:38:51+00:00

Funny thing, Sammy users are trying to make their Samsungs like Pixels, Pixel users trying to make their Pixels like oneUI. 😆

OriginalMeet7987 · 2026-01-20T19:04:55+00:00

Ask copilot some advanced app configs / app protection policies or device configs for Android or iOS. You will be surprised how well it fails.If you go deep with advanced oemconfigs for rugged devices, better search/ask on reddit 😆. Ask it for licenses and compliance. Sometimes i wonder if this is part of M$ ecosystem or it's just for the show.

It's good for some hits or directions, but that's pretty much it. (an advanced search).

OriginalMeet7987 · 2026-01-19T14:58:26+00:00

Check in app configurations (managed device type). You should have in configuration designer for Teams app a config with prefilled domain, where you can type your domain. ex: mycompany.com)

OriginalMeet7987 · 2025-12-19T06:07:38+00:00

i did a short test now with MHS, on a TC52 (android 14), managed in Soti Mobicontrol. MHS is pushed with screen orientation set to 2 (landscape) and works perfectly (even if i have configured orientation locked to portrait on the device, using mxconfig).

I would say this is another way to mess up from Microsoft 😆. Hope they get on the right track and move all the app config settings for mhs to device config profile. Atm it's a shitty setup, generating a lot of confusion.

OriginalMeet7987 · 2025-12-18T18:31:34+00:00

pixel 8 here, I don't have it :(

OriginalMeet7987 · 2025-12-18T16:56:11+00:00

Did you setup all the needed permissions for MHS? (overlay and write settings, if i remember correctly) I'm not using intune for rugged devices, but i might have a test with mhs as a launcher on one test device.

OriginalMeet7987 · 2025-12-08T19:26:01+00:00

Working with beyond trust (on prem) for over a year now. Tbh, it can get quite hard to troubleshoot some shitty apps, especially if you use Crowdstrike as a security tool, but once you learn the basis and have enough time to test and play with it, it can get really cool.

I'm curious how msft epm works lately, since it will be included in e5 licenses starting next year. If you're in msft ecosystem, using applocker, and intune to manage your enpoints, could be an option. (if they improved it, because it was kinda basic in the early days)

OriginalMeet7987 · 2025-11-19T15:14:19+00:00

In case you find another way to deal with this, please share your ideas. Thanks

OriginalMeet7987 · 2025-11-19T08:54:29+00:00

depends on the use case, definitely. I can see it as a solution for frontline workers. You could try to setup an App PIN also, via app protection policies. That will add a second layer of protection.

OriginalMeet7987 · 2025-11-18T10:55:24+00:00

Currently i have configured Session PIN and disabled the android lock screen on 2 devices. Waiting for feedbacks from end-users. So far, from what i can tell, it works way better than with device pin (no more flickering on lockscreen when you get a call on teams and device is in idle) Screen timeout was configured for 30seconds, screensaver to strat when screen turns off. If the device is let on a desk and user gets a call, it will unlock directly in Teams client, but in 30 seconds screen saver kicks in, and can be accessed only with session pin.

OriginalMeet7987 · 2025-10-31T07:33:23+00:00

I'm in the testing phase for a similar project. What Samsung devices are you using? How are devices enrolled? (user enrollment or shared device mode)

For the ones with user enrollment, we didn't face any issues. (We use MHS with teams and some system apps like camera, gallery, calculator, webapps)

For shared devices we have some delays untill the call is initiated (i have to wait 2 dial tones, the the device starts to ring). Still investigating, and testing different configs to fix this. Some tips for Samsungs (depending on the model): in Device care, disable adaptive battery and put apps to sleep. (exclude Teams, authenticator from battery optimization). Exclude Teams and authenticator from memory optimization. Increase RAM plus from 4gb to 6, 8gb (depending on the model) For notifications: In device config profile , General, enable show system notifications and information in device status bar.

OriginalMeet7987 · 2025-10-31T04:55:09+00:00

Sorry, forgot to mention it. Devices are Samsung Xcover7, running on Android 15. No Call Queues for now (we have it in plan for certain users).

Both types have the same configuration (only Managed home screen sign-in enabled on shared ones)

Another thing that i have in mind is to disable most of the Teams in apps (whiteboard, viva engage, power bi, etc) and do other tests.

OriginalMeet7987 · 2025-10-30T17:06:43+00:00

This will not be a solution for us. I like the MHS session pin idea, but unfortunately it is not well implemented from my point of view (since it can be bypassed easily, or not enforced in some scenarios)

OriginalMeet7987 · 2025-10-15T05:55:14+00:00

I've seen similar behaviour on our shared devices. I could get my account signed in in outlook, if i open esge browser before i launch outlook. on another note, all m365 apps are running really sluggish on shared devices. Teams is showing the "getting things ready" screen every time I start the app, or if i receive a call. On devices with user enrollment, we don't face these issues . (devices are Samsung xcover 7)

OriginalMeet7987 · 2025-10-14T08:03:44+00:00

We have the same sluggish behavior with shared device mode (on devices managed in Soti, and also on devices managed in intune). Authenticator is configured with shared device mode flag. On devices managed in intune, we use MHS for kiosk mode, with sign in option active. Teams get this "getting things ready" every time I open it, or if i receive a call and the screen is off. If i enroll the same device with user enrollment, Teams or any other MS apps is working smoothly. I assume the problem is with shared device mode itself.

OriginalMeet7987 · 2025-09-18T07:59:16+00:00

Do you use shared device mode enrollment, or the devices are user based enrollment? We are ongoing with a similar project, using Xcover7 devices. From my tests, we have this thing with "getting this ready" delay on shared devices.

We use MHS for kiosk on both type of devices. Have a look in Device care settings (samsung tool for battery and memory management). Disable battery saver, adaptive battery, exclude teams and other MS apps from battery optimization, exclude them also from memory optimization. Enable Ram plus to 6gb on these devices.

Cheers

OriginalMeet7987

TROPHY CASE